Microsoft’s Next-Generation Secure Computing Base, formerly Palladium

Kit Colbert, Student Consultant Representing Microsoft

What is Palladium?
  • A set of hardware and software extensions to make the PC more trustworthy.
  • Today’s apps will still run just fine.
  • You can disable Palladium extensions if you choose.
  • What exactly is trustworthy computing?
  • Good question…
Trustworthy Computing
  • Trustworthy: worthy of confidence.
  • Examples:
    • Credit card numbers that can’t be stolen.
    • Personal diary that can only be written and viewed by you or people you choose.
    • Someone is who she says she is.
  • There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.
Who To Trust?
  • Applications?
  • Operating systems can programmatically subvert applications.
  • Operating System?
  • Hardware can programmatically subvert operating systems.
  • Hardware?
  • Humans can subvert hardware, but not programmatically.
  • So we have to start off trusting the hardware.
Chain of Trust
  • We start off trusting the hardware and build up, thus creating a chain of trust.

[Diagram: chain of trust; only the label “Operating System” survives]

Palladium’s Goals
  • Usher in a new era of trustworthy computing by enabling the PC to:
    • Perform trusted operations
    • Span multiple computers with this trust
    • Create dynamic trust policies
    • Allow anyone to authenticate these policies
How Palladium Will Do It
  • Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
    • Protected memory
    • Attestation
    • Sealed storage
    • Secure input and output
  • It primarily does this through cryptographic keys and algorithms.
Hardware Extensions
  • Security Support Component (SSC)
  • Secure communication channels for:
    • I/O
    • Graphics
    • Network
    • Storage
    • Chipsets
  • CPU op-codes, registers, interrupts, and status bits
Software Extensions
  • Nexus
    • (the kernel)
    • shared source
  • Trusted agents
    • (the applications)
  • So what is this, a whole other operating system??
  • Well, sort of…
The New View
  • Two parallel operating systems?
  • Not quite: the trusted kernel still relies on the untrusted kernel for most of its functionality.

[Diagram: surviving labels are “User Mode” and “Kernel Mode”, each shown twice]

SSC/Nexus Interaction
  • Sealed storage:
    • SSC’s symmetric key, call it ‘s’
    • SSC hash of running Nexus kernel, call it ‘h’
    • Arbitrary data pointed to by pointer ‘p’
    • SSC implements two operations:
      • c = SEAL(p)
      • p = UNSEAL(c)
    • Example implementation:
      • SEAL: aes_encrypt(s+h, p)
      • UNSEAL: aes_decrypt(s+h, c)
  • If either SSC or Nexus changes, can’t retrieve data!
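
The sealed-storage behaviour above, as an added sketch that is not from the original slides or from Microsoft's implementation. It assumes the SSC secret `s` is passed in as bytes (in hardware it never leaves the SSC), uses HMAC-SHA256 in counter mode as a stand-in for AES because the Python standard library has none, and adds an integrity tag so that a changed SSC or Nexus produces a refusal rather than garbage plaintext. `measure`, `derive_key` and `keystream` are hypothetical helper names.

```python
import hashlib
import hmac
import os

def measure(nexus_image: bytes) -> bytes:
    """h: hash of the Nexus kernel image that is running."""
    return hashlib.sha256(nexus_image).digest()

def derive_key(s: bytes, h: bytes, purpose: bytes) -> bytes:
    # The slide's "s+h": a key that depends on both the SSC secret and the measurement.
    return hmac.new(s, purpose + h, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, standing in for AES (assumption of this sketch).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(s: bytes, h: bytes, p: bytes) -> bytes:
    nonce = os.urandom(16)
    pad = keystream(derive_key(s, h, b"enc"), nonce, len(p))
    body = bytes(a ^ b for a, b in zip(p, pad))
    tag = hmac.new(derive_key(s, h, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(s: bytes, h: bytes, c: bytes) -> bytes:
    if len(c) < 48:
        raise ValueError("sealed blob too short")
    nonce, body, tag = c[:16], c[16:-32], c[-32:]
    want = hmac.new(derive_key(s, h, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        # Different SSC, different Nexus, or modified blob: refuse, do not decrypt.
        raise ValueError("unseal refused")
    pad = keystream(derive_key(s, h, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

# Constructed sample values, not real keys or kernel images.
SSC_SECRET = bytes(range(32))
NEXUS_A = b"nexus kernel image, build A"
NEXUS_B = b"nexus kernel image, build B"

if __name__ == "__main__":
    blob = seal(SSC_SECRET, measure(NEXUS_A), b"diary entry")
    print(unseal(SSC_SECRET, measure(NEXUS_A), blob))
    try:
        unseal(SSC_SECRET, measure(NEXUS_B), blob)
    except ValueError as err:
        print("different Nexus:", err)
```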
Bringing It All Together
  • Closed sphere of trust:
  • Trusted Computing Platform Alliance
    • Group of companies (about 200)
    • Biggest players:
      • Microsoft
      • Intel
      • Compaq
      • HP
      • IBM
  • Same goal as Palladium: trustworthiness
All About the Hardware
  • TCPA specification only for hardware
    • It’s operating system agnostic
  • Complete TCPA 1.1b spec online
  • One implementation of it in production machines (one version of IBM Thinkpad)
  • Palladium uses some of the TCPA spec
How Palladium Will Affect You
  • A Palladium PC will still run non-trusted apps
    • So everything you have now will still work
  • Palladium is opt-in
    • You have to explicitly choose to use it
  • Signed binaries mean less chance of a trojan or virus being inserted into commonly used programs
Your Information is Secure
  • All your personal information is stored on your home machine, not on some company’s server.
  • You control precisely who sees what and what they can do with it.
  • No more doctor’s new patient forms, no more filling out credit card apps, etc.
Digital Rights Management
  • Probably the biggest issue with Palladium
  • Palladium will enable the media companies to protect their content
  • Which raises some questions:
    • So no more fair use?
    • Can I still pirate?
  • Fair use: probably not for the short term
  • Piracy: you can still do it on the non-trusted side
Open Source and Palladium
  • Will operating systems like Linux still run on a Palladium PC?
    • Definitely.
  • Not only will Linux still run, but it could in theory be modified to have a Nexus
    • Thus it could run trusted apps
No User Authentication
  • User authentication is done through Windows
    • I.e., the usual Windows logon
  • User is tied to the machine and its keys
    • Everything is encrypted with a combination of the machine’s SSC and Nexus keys
    • Switching machines could be tedious
3-Phase Deployment Plan
  • Deploy in corporations
    • Use in internal networks
    • Make sure sensitive data isn’t leaked
  • Get major media companies involved
    • Create trusted content and applications
  • End users/consumers
    • Use the trusted apps and content
    • Distribute personal information
  • Palladium is a platform
    • Enables ISVs to write trusted apps easily.
  • First version in future version of Windows
    • Sometime around 2005 or 2006
  • Will it work?
    • Who knows. Microsoft hopes so.
  • Do you want it to work?
    • There are good and bad outcomes of it.
    • It’s a personal decision.